Chonnymon and ITEK are two crackers whose attack of November 19, 2005 hit the Metanet Software Forums. Besides the deletion of the accounts Mare, Raigan, and Kablizzy (which is why you may find old posts from 'guests' who used those names), the main impact of their attack was Kablizzy, a long-standing staff member, announcing that he was leaving the community (mostly due to his domestic circumstances; however, he has confessed his obsession with N and has been active since). Three days after, a malicious cracker named Lavary degraded the forums' condition even further, changing the custom skin to a preset Forumer one. He has also been IP-banned along with the other two.
In this hard moment, Head Administrator Keron Cyst succeeded in reorganizing the board and IP-banning the crackers (although he was reluctant to ban Chonnymon; the reason can be found in the timeline below). Users like jflash and InuyashaDuelist created backups of the most important information on the forums in the following days.
Below is a pair of synopses Keron Cyst posted regarding the incidents at the forums. (You can find the whole discussion here.)
November 19, at around brunch time (GMT-8):
- I go check the MN forums
- I fail to log in. I retry twice, actually watching my fingers the other times :-P It still fails.
- I scroll to the top of the board and see that the top category has changed from "N" to "Chonnymon is a GOD Hacker"
- I look at the Online List and see "Keron Cyst: viewing a member's profile" when it should say Keron Cyst is viewing the Online List
- I post a vulgar thread in the B&T urgently telling Kablizzy to reset my password, without realizing that Kablizzy's account has already been deleted, along with the other admins'
- I hold an AIM instant message with 7654321 as I helplessly hit F5 in horror, slowly watching all the forum names change into random junk
- I sulk on not having set LittleViking001 to admin already, and then after the FAQ has changed to "ITEK Help" and the forum below it has changed, the category changes to something like "I feel guilty" (I don't remember exactly)
- "NO worryies your pass and usernames hav been restord"
- I try to log in, but it fails. I log in again 2 min. later and it works
- I immediately check the admin log for the foreign IP Keron Cyst was using and ban it, and start reverting the names of the forums
- I get a PM from ITEK saying that he's sorry he kind of went overboard but was simply telling me that my password of 6 #s is really too simple and that I ought to make it more complex :-P
- Right at the moment Chonnymon sends an IM through AIM to me, sending me URLs of the hash-searching site he used to look up my password and a database of collected exploits of various websites, and also tells me that lowercase and uppercase letters confuse the hash-searcher heavily; I thus unban him so he can read my notes to him in the forum. He says that ITEK assisted him with the hacking and also persuaded him to give me back my password
- Everyone overreacts (that was fun)
- I reregister the deleted admin trio back in after e-mailing them all of what occurred
- Later that night Kablizzy posts his leave without even reading any further into the event than "1337 h4x" and uses his admin account to delete himself
- I change my password at the MN forums and my e-mail account after typing up some 1337-sp34k in Notepad and copying it and pasting it into the respective password bars. I essentially locked myself out of my Yahoo! account (for some reason it keeps saying it's invalid) and lost a ton of information, and have now reverted to my emergency Gmail account until I can contact Yahoo! Customer Care (I'm pathetic)
November 21 (today), at 9:00 in the morning (GMT-8):
- I go on my ME to check if the Soldat forums are still down
- I see the board with a red, changed skin (one of the many precustomized skins Forumer has) and think Wow, Mare's sure been busy.
- Where's the banner?! Mojo must be respected!!
- I log in this time but see that I am now a Global Moderator
- I get PMs; some say "WTF is going on" mainly, "If you're the hacker you're gh3y" (heh), and "Are you able to do anything about it? Is there anything I can do to help?"
- I see a thread under News saying "Do you want your forum back?" by administrator Lavary
- I post in it, thinking it might be possible to reach the thousand posts if his GMT is not +2 (he demanded there must be 1000 posts by 10 PM), skimming over the fact that he said they must be all from different members
- I go on Gaim and miraculously find Chonnymon online
- I ask him to hack into his account and restore me to admin status (if he hacked into mine there's no point since a Global Mod can't promote himself to admin)
- He says his password was "lavary"
- I immediately suspend admin Lavary for 365 days, then ban his IP, and then delete his account
- I try to tend with the chaos, and revert the skin back to regular IPB (darn it, those custom images took a while to load into the system)
- Out of ph34r of t3h 1337 h4x0r possibly having a dynamic IP I immediately head back to the Ban Settings and stick wildcards on his IP and other adjacent IPs
- Chonnymon's IP was also close to his. In banning those IPs and labeling wildcards he is also banned from the forums, so if another hacker comes by he won't be able to help.
I am creating a new security measure as you read this.
EDIT It might be worth noting that Chonnymon (the first, nonmalicious hacker) was accompanied by someone named ITEK, although his IP (first # is 89) shows that he is very far away from Chonnymon.